As the clock counts down for the rest of us, ICANN (Internet Corporation for Assigned Names and Numbers) says… can we have our own date for GDPR readiness (we’re special and not like the others)!
ICANN is a non-profit organisation that is in charge of maintaining and coordinating the Internet, namely the Internet Protocol (IP) addresses and the Domain Name System (DNS).
What does it mean for me?
ICANN is responsible for WHOIS – the service that provides information about domain name owners and their contact information. Right now, you can look up any domain on the planet and unless that domain has paid to opt out, this look-up shows personal information (for an annual fee). You will, therefore, find the name, address, email and often the phone number of the domain owner.
So how does that sit with GDPR?
Actually, not very well at all!
Their approach is fundamentally inconsistent with GDPR because it doesn’t give anyone the right to say what is done with their personal data.
It appears that ICANN has left its preparations rather late – so late in fact that they want to be exempt from GDPR for another year! This has not gone down well, as this report by The Register shows.
Instead of confessing that they arrived a bit late to the table regarding GDPR, they have said that their services will break (or become “fragmented”) if they aren’t given more time.
And even worse is that the potential value of WHOIS is at stake.
Security expert Brian Krebs explained, “WHOIS is probably the single most useful tool we have right now for tracking down cybercrooks and/or for disrupting their operations. WHOIS records are a key way that researchers reach out to website owners when their sites are hacked to host phishing pages or to foist malware on visitors. These records also are indispensable for tracking down cybercrime victims, sources, and the cybercrooks themselves. I remain extremely concerned about the potential impact of WHOIS records going dark across the board.”
If you’d like to discuss issues relating to IT data security or have any questions on GDPR, or any other IT support query, please feel free to give us a call on 020 72 41 22 55 or fill out our contact form and we’ll quickly get back to you.